[
https://issues.apache.org/jira/browse/FLINK-25295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459520#comment-17459520
]
Chesnay Schepler edited comment on FLINK-25295 at 12/15/21, 1:46 AM:
---------------------------------------------------------------------
master: d5e0d9c68813e05e141516003c1e82b65ec7ccdf
1.14.3: 31112cafda3f62a61bf1e4b26f253595d3fe25dc
1.13.6: 809b059aa69f1f5049135671eb429287dc944268
There will be an additional set of comments exclusively for the
1.14.2/1.13.5/1.12.7/1.11.6 release tags.
1.14.2: 361ce6591069b2f7317f1c181cdaf7965615415c
1.13.5: cfbf9ad8dd559e120f6c52f151949d5117a3382b
1.12.7: 6339b8c8e42b44c58575c8d6b6b07cf14383d735
1.11.6: 4fe4ae79a3306485853baf9e0651d0a0f5ed1fc0
was (Author: zentol):
master: d5e0d9c68813e05e141516003c1e82b65ec7ccdf
1.14.3: 31112cafda3f62a61bf1e4b26f253595d3fe25dc
1.13.6: 809b059aa69f1f5049135671eb429287dc944268
There will be an additional set of comments exclusively for the
1.14.2/1.13.5/1.12.7/1.11.6 release tags.
> Update Log4j to 2.16.0
> ----------------------
>
> Key: FLINK-25295
> URL: https://issues.apache.org/jira/browse/FLINK-25295
> Project: Flink
> Issue Type: Technical Debt
> Components: API / Core
> Reporter: Martijn Visser
> Assignee: Martijn Visser
> Priority: Minor
> Labels: pull-request-available
> Fix For: 1.15.0, 1.11.6, 1.12.7, 1.13.5, 1.14.2
>
>
> Log4j 2.16.0 has been released
> https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
> This version removes message lookups and disables JNDI by default and results
> in a hardening of the default behaviour and configuration.
> Just to be clear, this dependency upgrade is not required to fix
> CVE-2021-44228. That has already been covered by
> https://issues.apache.org/jira/browse/FLINK-25240
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
